ATM malware is clearly a hot topic and a big concern nowadays for the banking industry. Our experience in this field, backed by recent incidents, shows that this rapidly growing threat is severely hitting ATM infrastructures worldwide. A recent report from Europol and Trend Micro also highlights that ATM malware is on the rise.
The attackers were able to breach the financial institution’s internal network, then moved laterally and compromised the software distribution system, which was used to push the malware to multiple ATMs. Once installed on the ATMs, the malware dubbed “RIPPER” was used to “jackpot” them.
The modus operandi of these attacks unveils a combination of sophisticated hacking techniques, deep knowledge of the bank’s internal infrastructure and ATM operations, and the use of cutting-edge ATM malware.
Although the attack has been reported in Thailand, it is highly probable that it has hit or will hit other countries or regions, and it actually resembles the Carbanak attack that shocked the industry in 2015 (see our blog post).

ATM Jackpotting using RIPPER Malware

ATM jackpotting, or the use of malware to “cash-out” ATMs, is nowadays one of the trendiest ATM cybercrime tactics. Criminals use it to gain full control of ATM hardware devices such as the dispenser, card reader and pinpad, allowing them to steal huge amounts of money in cash without having to use a credit or debit card.
Although jackpotting is nothing new, and there are many well-known malware families using similar techniques (Tyupkin, Suceful, Greendispenser…), the attacks in Thailand seem to be using a new generation of malware dubbed “RIPPER”.